Audit user and system security configurations for compliance with internal and external requirements
Perform audits and follow up on corrective actions; participate in internal audit activities performed for compliance verification; interact and coordinate with appropriate business unit resources for audit participation
Function as a liaison between business units with compliance responsibilities to collect, report, and retain compliance documentation and reports
Prepare and provide updates for monthly internal and external compliance reports
Provide information to management regarding the negative business impact caused by violations of the confidentiality, integrity, or availability of information and information systems
Provide ongoing guidance and support to the organization to promote a progressive and sustainable compliance culture
Document and maintain risk-based compliance policies and procedures; develop various materials for use on ITS's compliance intranet site
Coordinate training materials and monitoring records and the distribution of regulatory information to the appropriate personnel
Implement and maintain operational plans for key control activities to ensure compliance with regulatory, legal, and corporate or functional policies and procedures; respond to internal and external inquiries and requests for information to clarify regulatory requirements
Assist in development of processes to identify, quantify, analyze, and report on Technology Risk and Compliance status
Identify ongoing process improvements, operational gaps, and potential remediation steps; assist and/or lead process re-design and coordination of remediation efforts and remediation status reporting
Maintain knowledge of changes in legislation and regulation related to the financial industry; understand applicable finance industry security and privacy regulations, procedures, and issues; and assist in leading internal efforts to ensure the organization remains compliant with such laws and regulations
Lead and/or participate in special project teams supporting general business initiatives outside of the primary security function
Perform other duties as assigned
Requirements:
Eight (8) years of related work experience, including a combination of at least three (3) years of progressively responsible experience in Internal Auditing and five (5) years of experience in internal control projects in the private industry.
Education:
Bachelor's degree in Computer Science or a related discipline, or an equivalent combination of education and experience, required.
Risk management, governance or security certification (CRISC, CGEIT, CISSP, CISM, CISA) or ability to obtain within six months.
Project Management certification (PMP) preferred.
Knowledge, Skills, & Abilities:
Demonstrate behaviors based on values: Excellence, Innovation, Leadership, Passion and Trust
Working knowledge of NACHA, SSAE 16 and PCI requirements
Working knowledge of the ISO 27000 series of standards, PCI, COBIT, ITIL, and Sarbanes-Oxley rules surrounding IT
Working knowledge of OFAC, BSA, GLBA, Patriot Act and other Federal or State laws that impact National Security requirements or privacy
Strong communication skills, including written skills relating to issue documentation and reporting to executive management and the audit committee
Understanding of the application of security concepts across a broad scope of information technology areas, including data communications, network design, operations, database structures, operating systems, application development, security risk assessment, and disaster recovery
Ability to exercise discretion and good judgment in making decisions; Understanding of security/controls risk vs. business impact to inform decision making
Ability to maintain confidentiality of materials handled